Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ragno
New Contributor

Virtual IP for enable RDP

Hi,


I'm trying to make the settings on Fortigate to enable RDP to a server, but it is not working.

I made the Virtual IP settings and I created the policy:


what is the problem?


VIRTUAL IP:

Name: RDP_virtualIP External Interface: wan1

External IP: 999.999.999.999 (I put the correct external ISP IP)

Mapped IP: 192.168.100.30

Port forwarding: enabled

External service port:3389/3389 Map to Port: 3389/3389


POLICY

From: wan1

To: vlan100

Source: all

Destination: RDP_virtualIP

Nat: disabled


In the logs I can see the PC outside that is trying to connect; it is not being blocked, but it doesn't work.

I placed the policy at the top of the rules, but that didn't work either.

Robin_Svanberg

Ok, strange issue. I guess nothing worked? :)


If you enable NAT, can you collect the output of "diag sniff packet any 'host 192.168.100.30' 4" at the same time you try to connect? Just want to see if there's any ARP requests or similar to 192.168.100.30.


Robin Svanberg Network Consultant @ Ethersec AB in Östersund, Sweden


robin.svanberg@ethersec.se

Christopher_McMullan

It would also still be very useful to review any logs generated on the server itself once connection attempts are made.

Regards, Chris McMullan Fortinet Ottawa

Dave_Hall

@OP


Perhaps you can provide the CLI script equivalent; we may be able to spot something, e.g.


    config firewall service custom
        edit "rdp-port-list"
            set tcp-portrange 3389-3389:0-65535
        next
    end
    config firewall vip
        edit "RDP-Server1"
            set extintf "wan1"
            set portforward enable
            set mappedip 192.168.100.30
            set extport 3389
            set mappedport 3389
        next
    end
    config firewall policy
        edit 0
            set srcintf "wan1"
            set dstintf "dmz_net"
            set srcaddr "remote-admin-pc"
            set dstaddr "RDP-Server1"
            set action accept
            set schedule "always"
            set service "rdp-port-list"
            set nat enable
        next
    end


NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

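An added example, not code from the thread or from Fortinet: a small checker that parses a FortiOS CLI script in the form Dave_Hall posted and tests the things this thread turned on, namely that the policy's service covers the VIP's external port, that the server's listening port agrees with the VIP's mapped port, and that a policy with srcaddr "all" in front of an RDP listener is flagged. The sample config, object names and addresses are constructed assumptions; the FortiOS syntax handled is only the config/edit/set/next/end form shown above.

```python
# Constructed sample (an assumption, not the forum's config) in FortiOS CLI form like Dave_Hall's post.
SAMPLE = """
config firewall service custom
    edit "rdp-port-list"
        set tcp-portrange 3389-3389:0-65535
    next
end
config firewall vip
    edit "RDP-Server1"
        set portforward enable
        set mappedip 192.168.100.30
        set extport 3389
        set mappedport 3389
    next
end
config firewall policy
    edit 0
        set srcaddr "all"
        set dstaddr "RDP-Server1"
        set service "rdp-port-list"
        set nat enable
    next
end
"""

def parse_fortios(text):
    """Parse config/edit/set blocks into {table: {entry: {key: value}}}; next/end are ignored."""
    tables, table, entry = {}, None, None
    for line in text.splitlines():
        kw, _, rest = line.strip().partition(" ")
        if kw == "config":
            table = tables.setdefault(rest, {})
        elif kw == "edit":
            entry = table.setdefault(rest.strip('"'), {})
        elif kw == "set":
            key, _, val = rest.partition(" ")
            entry[key] = val.strip('"')
    return tables

def check_vip(tables, vip_name, server_listen_port):
    """Return findings that explain why a port-forward VIP fails or is risky to expose."""
    vip, findings = tables["firewall vip"][vip_name], []
    if int(vip["mappedport"]) != server_listen_port:
        findings.append("server listens on %d but VIP maps to %s" % (server_listen_port, vip["mappedport"]))
    for pol in [p for p in tables["firewall policy"].values() if p.get("dstaddr") == vip_name]:
        svc = tables["firewall service custom"].get(pol.get("service", ""), {})
        dst = svc.get("tcp-portrange", "0").split(":")[0].split("-")  # first dst range; syntax is dst[:src]
        if not int(dst[0]) <= int(vip["extport"]) <= int(dst[-1]):
            findings.append("service %s does not cover extport %s" % (pol["service"], vip["extport"]))
        if pol.get("srcaddr") == "all":
            findings.append("srcaddr all exposes RDP to every Internet host; restrict it to admin sources")
    return findings
```

Running check_vip(parse_fortios(SAMPLE), "RDP-Server1", 3389) reports only the wide-open srcaddr; passing 3386 as the server's listening port adds a mismatch finding against the VIP's mappedport.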
ragno
New Contributor

Solved the problem: I just changed the port to 3386 in the Windows registry

(HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber) and now it is working.


But I didn't understand why 3389 doesn't work.
